49 local func = function(x) return x; end; |
49 local func = function(x) return x; end; |
50 if password then |
50 if password then |
51 if mechanism == "PLAIN" then |
51 if mechanism == "PLAIN" then |
52 return func, password; |
52 return func, password; |
53 elseif mechanism == "DIGEST-MD5" then |
53 elseif mechanism == "DIGEST-MD5" then |
54 return func, require "hashes".md5(node..":"..host..":"..password); |
54 return func, require "md5".sum(node..":"..host..":"..password); |
55 end |
55 end |
56 end |
56 end |
57 return func, nil; |
57 return func, nil; |
58 end |
58 end |
59 |
59 |
60 function do_sasl(session, stanza) |
60 function sasl_handler(session, stanza) |
|
61 if stanza.name == "auth" then |
|
62 -- FIXME ignoring duplicates because ejabberd does |
|
63 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); |
|
64 elseif not session.sasl_handler then |
|
65 return; -- FIXME ignoring out of order stanzas because ejabberd does |
|
66 end |
61 local text = stanza[1]; |
67 local text = stanza[1]; |
62 if text then |
68 if text then |
63 text = base64.decode(text); |
69 text = base64.decode(text); |
64 if not text then |
70 if not text then |
65 session.sasl_handler = nil; |
71 session.sasl_handler = nil; |
72 local s = build_reply(status, ret, err_msg); |
78 local s = build_reply(status, ret, err_msg); |
73 log("debug", "sasl reply: "..tostring(s)); |
79 log("debug", "sasl reply: "..tostring(s)); |
74 session.send(s); |
80 session.send(s); |
75 end |
81 end |
76 |
82 |
77 add_handler("c2s_unauthed", "auth", xmlns_sasl, |
83 add_handler("c2s_unauthed", "auth", xmlns_sasl, sasl_handler); |
78 function (session, stanza) |
84 add_handler("c2s_unauthed", "abort", xmlns_sasl, sasl_handler); |
79 if not session.sasl_handler then |
85 add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); |
80 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); |
|
81 do_sasl(session, stanza); |
|
82 else |
|
83 error("Client tried to negotiate SASL again", 0); |
|
84 end |
|
85 end); |
|
86 |
|
87 add_handler("c2s_unauthed", "abort", xmlns_sasl, |
|
88 function(session, stanza) |
|
89 if not session.sasl_handler then error("Attempt to abort when sasl has not started"); end |
|
90 do_sasl(session, stanza); |
|
91 end); |
|
92 |
|
93 add_handler("c2s_unauthed", "response", xmlns_sasl, |
|
94 function(session, stanza) |
|
95 if not session.sasl_handler then error("Attempt to respond when sasl has not started"); end |
|
96 do_sasl(session, stanza); |
|
97 end); |
|
98 |
86 |
99 add_event_hook("stream-features", |
87 add_event_hook("stream-features", |
100 function (session, features) |
88 function (session, features) |
101 if not session.username then |
89 if not session.username then |
102 t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"); |
90 t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"); |